"Software is riddled with bugs. Most of these bugs are unimportant for security, while a few allow hackers to take control of a computer," Brumley said. "The goal of this research is to find the exploitable bugs so that they can be fixed first before they can be used by hackers."

The research will investigate novel techniques, approaches, and algorithms for finding exploitable bugs.

"The ability to determine whether a bug is exploitable or not will allow developers to prioritize bug reports so that the most security-critical bugs are fixed first. The techniques investigated also will help developers distribute patches safely," said Brumley, who also recently participated in a DARPA-sponsored program to inform a new generation of researchers about the Department of Defense's information technology needs and priorities.

"This is a wonderful award for such an innovative researcher and outstanding instructor. David Brumley's research and his attention to detail when it comes to his students is what Carnegie Mellon is all about. We applaud this great work," said Ed Schlesinger, head of Carnegie Mellon's Department of Electrical and Computer Engineering.

Brumley's research interests also include the areas of computer security, network security and applied cryptography. He received his undergraduate degree in mathematics in 1998 from the University of Northern Colorado, a master's degree in computer science in 2003 from Stanford University and a Ph.D. in computer science in 2008 from Carnegie Mellon.

###

Pictured above is David Brumley, an assistant professor in the Department of Electrical and Computer Engineering and the School of Computer Science.